Problem with LDAP after upgrade to Yunohost 2.4

Niltugor · May 21, 2016, 6:12am

English version

Hi,

After an automatic update of Yunohost to 2.4 (with sudo yunohost tools upgrade), I can’t access to any of my accounts. So I can’t access my server through ssh, I have to connect in root directly from the computer.

When I try to connect to the admin API, there is

Unable to reach LDAP server

With ldapsearch -LLL -D cn=admin,dc=yunohost,dc=org -W -b dc=yunohost,dc=org uid=<my account> I have

ldap_sasl_bind(SIMPLE): Can’t contact LDAP server (-1)

And with systemctl status slapd -l, there is

● slapd.service - LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)
Loaded: loaded (/etc/init.d/slapd)
Active: failed (Result: exit-code) since sam. 2016-05-21 11:54:07 CEST; 30s ago
Process: 696 ExecStart=/etc/init.d/slapd start (code=exited, status=1/FAILURE)

mai 21 11:54:06 Host-003 slapd[779]: @(#) $OpenLDAP: slapd (Jan 16 2016 23:00:08) $
root@chimera:/tmp/buildd/openldap-2.4.40+dfsg/debian/build/servers/slapd
mai 21 11:54:07 Host-003 slapd[779]: ldif_read_file: Permission denied for “/etc/ldap/slapd.d/cn=config.ldif”
mai 21 11:54:07 Host-003 slapd[779]: DIGEST-MD5 common mech free
mai 21 11:54:07 Host-003 slapd[779]: slapd stopped.
mai 21 11:54:07 Host-003 slapd[779]: connections_destroy: nothing to destroy.
mai 21 11:54:07 Host-003 slapd[696]: Starting OpenLDAP: slapd failed!
mai 21 11:54:07 Host-003 systemd[1]: slapd.service: control process exited, code=exited status=1
mai 21 11:54:07 Host-003 systemd[1]: Failed to start LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
mai 21 11:54:07 Host-003 systemd[1]: Unit slapd.service entered failed state.

The command yunohost service regen-conf slapd --verbose always fail

Traceback (most recent call last):
File “usr/bin/yunohost”, line 206, in
password=opts.password, parser_kwargs={‘top_parser’: parser}
[…]
Key Error: ‘getpwnam(): name not found: admin’

What can I do?

Version française :

Bonjour,

Après une mise à jour automatique de Yunohost vers la version 2.4 (avec sudo yunohost tools upgrade), je n’ai plus accès à aucun de mes comptes. Je ne peux plus me connecter en ssh et le seul moyen que j’ai est donc de me connecter en root directement sur l’ordinateur.

Quand j’essaie de me connecter à l’interface admin, il y a :

Unable to reach LDAP server

Avec la commande ldapsearch -LLL -D cn=admin,dc=yunohost,dc=org -W -b dc=yunohost,dc=org uid=<mon compte> j’ai :

ldap_sasl_bind(SIMPLE): Can’t contact LDAP server (-1)

Et la commande systemctl status slapd -l, me renvoie

● slapd.service - LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)
Loaded: loaded (/etc/init.d/slapd)
Active: failed (Result: exit-code) since sam. 2016-05-21 11:54:07 CEST; 30s ago
Process: 696 ExecStart=/etc/init.d/slapd start (code=exited, status=1/FAILURE)

mai 21 11:54:06 Host-003 slapd[779]: @(#) $OpenLDAP: slapd (Jan 16 2016 23:00:08) $
root@chimera:/tmp/buildd/openldap-2.4.40+dfsg/debian/build/servers/slapd
mai 21 11:54:07 Host-003 slapd[779]: ldif_read_file: Permission denied for “/etc/ldap/slapd.d/cn=config.ldif”
mai 21 11:54:07 Host-003 slapd[779]: DIGEST-MD5 common mech free
mai 21 11:54:07 Host-003 slapd[779]: slapd stopped.
mai 21 11:54:07 Host-003 slapd[779]: connections_destroy: nothing to destroy.
mai 21 11:54:07 Host-003 slapd[696]: Starting OpenLDAP: slapd failed!
mai 21 11:54:07 Host-003 systemd[1]: slapd.service: control process exited, code=exited status=1
mai 21 11:54:07 Host-003 systemd[1]: Failed to start LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
mai 21 11:54:07 Host-003 systemd[1]: Unit slapd.service entered failed state.

La commande yunohost service regen-conf slapd --verbose échoue à chaque fois

Traceback (most recent call last):
File “usr/bin/yunohost”, line 206, in
password=opts.password, parser_kwargs={‘top_parser’: parser}
[…]
Key Error: ‘getpwnam(): name not found: admin’

Que puis-je faire ?

jerome · May 21, 2016, 12:19pm

@Niltugor, you have to be logged as root to execute yunohost command - I know, it’s not a clear message… So, either execute sudo -i to become root or use sudo yunohost.... In your case, it’s better to do the first one if the LDAP is unavailable - since the admin user is a LDAP one.

Niltugor · May 21, 2016, 12:25pm

I’m already in root, because the only access I have to the server is in local with root access. So all the commands I entered were as root.

I tried sudo yunohost service regen-conf slapd --verbose but the error is the same.

jeremy54 · May 21, 2016, 12:38pm

Exactly the same for me… I get a "name not found: admin"
And I have to log on as root directly on my server, I cannot access through putty anymore.

jerome · May 21, 2016, 12:42pm

Oh, yes, of course, sorry… Could you so paste the complete error please?

Also, to try to fix slapd start, you can try to execute: /usr/share/yunohost/hooks/conf_regen/06-slapd init

jeremy54 · May 21, 2016, 12:46pm

Here are my logs : https://paste.yunohost.org/pepecutexo | (after executing /usr/share/yunohost/hooks/conf_regen/06-slapd init) https://paste.yunohost.org/orusazejec

jeremy54 · May 21, 2016, 12:50pm

I cannot paste because I don’t have any access through SSH with putty. But this looks like the error of Nlltugor

jerome · May 21, 2016, 12:55pm

Mmh not exactly, since your LDAP server is running… Did you also upgrade to Debian Jessie or was it already done?

jeremy54 · May 21, 2016, 12:58pm

I made the upgrade to Debian Jessie from Wheezy, then I made the update. As described here => Parution de YunoHost 2.4

Niltugor · May 21, 2016, 1:03pm

Here the result of /usr/share/yunohost/hooks/conf_regen/06-slapd init

574058c0 mdb_db_open: database “dc=yunohost,dc=org” cannot be opened: No such file or directory (2). Restore from backup!
574058c5 backend_startup_one (type=mdb, suffix=“dc=yunohost,dc=org”): bi_db_open failed! (2)
slap_startup failed (test would succeed using the -u switch)

And I made a picture for the complete error for yunohost service regen-conf slapd --verbose

Gwendal · May 21, 2016, 3:53pm

I have the exact same problem: I tried to update to 2.4 from a working Yunohost 2.2 on Jessie, and during the upgrade I encountered the following messages:

....
Attention : 574081b1 mdb_db_open: database "dc=yunohost,dc=org" cannot be opened: No such file or directory (2). Restore from backup!
Attention : 574081b1 backend_startup_one (type=mdb, suffix="dc=yunohost,dc=org"): bi_db_open failed! (2)
Attention : slap_startup failed
Erreur : Échec de l'exécution du script « /usr/share/yunohost/hooks/conf_regen/06-slapd »
....

I haven’t rebooted my machine yet, so I am still logged in as root. But I am affraid to restart and to not be able to log in anymore .

With the non-rebooted machine, I tried the command again manually with no success:

$ /usr/share/yunohost/hooks/conf_regen/06-slapd init
5740834b mdb_db_open: database "dc=yunohost,dc=org" cannot be opened: No such file or directory (2). Restore from backup!
5740834b backend_startup_one (type=mdb, suffix="dc=yunohost,dc=org"): bi_db_open failed! (2)
slap_startup failed (test would succeed using the -u switch)

Any ideas? Thanks in advance! Really looking forward to use 2.4

jerome · May 21, 2016, 4:24pm

After discussions with @jeremy54 and an access to his server, there could be a migration issue when upgrading to Debian Jessie.
To check if it’s your case, execute: slapcat. If it doesn’t return anything and if the folder /var/lib/ldap/ contains some files named __db.001, you seem to be concerned. The fact is that the LDAP backend changed from hdb to mdb in Debian Jessie but no database migration was done in YunoHost v2.2. Here is how to fix that:

Ensure that you’ve upgraded YunoHost to v2.4 and there is no pending package upgrade - a fix has just been released today.
Replace the LDAP backend to the old one to recover your database: sed -i 's/mdb/hdb/g' /etc/ldap/slapd.conf
See if the old database is loaded again by checking the output of: slapcat
- If it still doesn’t return anything, execute the following commands:

rm -Rf /etc/ldap/slapd.d
mkdir /etc/ldap/slapd.d
slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/ 2>&1
chown -R openldap:openldap /etc/ldap/slapd.d/
service slapd restart

Check again the output of: slapcat. If it’s still doesn’t return anything, there should be another issue…
Regenerate LDAP configuration and update the backend: yunohost service regen-conf slapd --verbose --force
Check if everything works well… by executing: slapcat!

Gwendal · May 21, 2016, 4:39pm

Thank you so much, this worked perfectly! I can log in once again

Indeed I had upgraded to Jessie, so I must have been in the exact situation you described.

thanks again! let’s now have fun with version 2.4

jerome · May 21, 2016, 4:42pm

With pleasure! Glad to know it worked for you!

Niltugor · May 21, 2016, 4:55pm

It worked for me too! Big thanks!!! For me that kind of solution is almost magic

jeremy54 · May 21, 2016, 4:56pm

Yes, it was a hard way, isn’t it Jérôme ?

jerome · May 21, 2016, 5:21pm

Nice! Glad to know that too!! I’ll mark this topic as solved so!